Challenging economic conditions combined with drastic changes in the workforce demographic are increasing the occurrence of malicious activity, particularly by disgruntled insiders. A malicious insider is a current or former employee, contractor or business partner who has or had authorized access to an organization's network, systems, data and other resources. Typically, the insider's behavior is considered malicious or high risk, because they intentionally exceeded or misused their access privileges in a manner that negatively affected the confidentiality, integrity or availability of the organization's information or information systems. Unfortunately, the ability of an organization to perform comprehensive monitoring of high risk user activity is limited, as traditional systems are primarily aimed at outside intrusions.
Based on the foregoing, there is a need for an effective approach to monitoring high risk users.